Ubuntu
Malformed BASE64 value in vmail_ssl.map.db
I am using Postfix on Ubuntu 20.04.5. Here is my vmail_ssl.map file, with the domain names redacted:
mail.domain.org /etc/letsencrypt/live/mail.domain.org/privkey.pem /etc/letsencrypt/live/mail.domain.org/fullchain.pem
mail.domain.net /etc/letsencrypt/live/mail.domain.net/privkey.pem /etc/letsencrypt/live/mail.domain.net/fullchain.pem
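Every time I use postmap to create vmail_ssl.map.db, it truncates the .net domain. It seems to take only the first three letters of the domain name in the BASE64 value. For example, if the FQDN is "mail.domain.net", the BASE64 value is only "mail.dom". Below are the lines that the system log keeps repeating, with some parts redacted: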
postfix/smtpd[656104]: connect from unknown[172.17.X.X]
postfix/smtpd[656104]: warning: table hash:/etc/postfix/vmail_ssl.map.db: key mail.domain.net: malformed BASE64 value: /etc/letsencrypt/live/mail.dom
postfix/smtpd[656104]: warning: tls_server_sni_maps: mail.domain.net map lookup problem
postfix/smtpd[656104]: SSL_accept error from unknown[172.17.X.X]: -1
postfix/smtpd[656104]: warning: TLS library problem: error:1422E0EA:SSL routines:final_server_name:callback failed:../ssl/statem/extensions.c:1006:
postfix/smtpd[656104]: lost connection after STARTTLS from unknown[172.17.X.X]
postfix/smtpd[656104]: disconnect from unknown[172.17.X.X] ehlo=1 starttls=0/1 commands=1/2
I have already run these commands:
sudo postmap /etc/postfix/vmail_ssl.map
sudo postmap -r /etc/postfix/vmail_ssl.map
sudo systemctl reload postfix
sudo systemctl restart postfix
I even deleted the existing vmail_ssl.map.db before creating a new one. The syslog messages did not change. Any ideas for fixing the malformed BASE64 value?
Output of "postconf -n" with the domains redacted:
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/main.cf: undefined parameter: virtual_mailbox_limit_maps
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
mydestination = localhost, localhost.localdomain
myhostname = domain.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_use_tls = yes
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_maildir_extended=yes
Output of 'postconf -M':
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/main.cf: undefined parameter: virtual_mailbox_limit_maps
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=$mua_client_restrictions
    -o smtpd_helo_restrictions=$mua_helo_restrictions
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_client_restrictions=$mua_client_restrictions
    -o smtpd_helo_restrictions=$mua_helo_restrictions
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
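You did not generate the map as instructed, so Postfix is trying to look up a base64 value but sees the verbatim domain and file names. It then fails to read past the characters that are invalid base64.
postmap -F hash:/etc/postfix/vmail_ssl.map
The -F option switches the mode from indexing the values verbatim to putting the keys into base64 and the values as the contents of the referenced files. Your vmail_ssl.map file should contain the domain name on the left and, on the right, the file names referencing the relevant certificates. Also note the hint about putting names in A-label form (xn--dmin-moa0i.example), because that is what will be received and looked up - there should not be any non-US-ASCII characters in your lookups.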
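An added example, not part of the original question or answer: two shell checks for the conditions the answer describes, one telling a table value stored as base64 PEM data apart from a verbatim file-name list, the other linting the map source for non-US-ASCII keys and unreadable files. The function names sni_value_kind and lint_sni_map are hypothetical, and the sketch assumes GNU grep and base64 and one map entry per line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Postfix.

# sni_value_kind VALUE: classify a value looked up in the SNI table.
#   pem       - base64 that decodes to PEM data (table built with postmap -F)
#   filenames - verbatim list of absolute paths (table built without -F)
#   other     - anything else
sni_value_kind() {
    if printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' &&
       printf '%s' "$1" | base64 -d 2>/dev/null | grep -q -e '-----BEGIN '; then
        echo pem
    elif printf '%s' "$1" |
         grep -Eq '^/[^[:space:]]+([[:space:]]+/[^[:space:]]+)*$'; then
        echo filenames
    else
        echo other
    fi
}

# lint_sni_map FILE: print one line per problem in the map source file.
# Returns 0 when the file is clean, 1 otherwise.
lint_sni_map() {
    n=0; bad=0
    while read -r key files || [ -n "$key" ]; do
        n=$((n + 1))
        case $key in ''|'#'*) continue ;; esac      # blank line or comment
        # The SNI name is looked up as received, so keys must be A-labels.
        if printf '%s' "$key" | LC_ALL=C grep -q '[^ -~]'; then
            echo "line $n: key is not US-ASCII, use its A-label form"; bad=1
        fi
        [ -n "$files" ] || { echo "line $n: no PEM files listed for $key"; bad=1; }
        for f in $files; do
            [ -r "$f" ] || { echo "line $n: cannot read $f"; bad=1; }
        done
    done <"$1"
    return "$bad"
}

# Usage against a live table (requires Postfix):
#   sni_value_kind "$(postmap -q mail.domain.net hash:/etc/postfix/vmail_ssl.map)"
```

A result of filenames from the live lookup means the table was built without -F and needs to be regenerated.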